本文整理匯總了Golang中github.com/docker/notary/server/storage.MetaStore類的典型用法代碼示例。如果您正苦於以下問題:Golang MetaStore類的具體用法?Golang MetaStore怎麽用?Golang MetaStore使用的例子?那麽, 這裏精選的類代碼示例或許可以為您提供幫助。
在下文中一共展示了MetaStore類的15個代碼示例,這些例子默認根據受歡迎程度排序。您可以為喜歡或者感覺有用的代碼點讚,您的評價將有助於係統推薦出更棒的Golang代碼示例。
示例1: CreateTimestamp
// CreateTimestamp creates a new timestamp. If a prev timestamp is provided, it
// is assumed this is the immediately previous one, and the new one will have a
// version number one higher than prev. The store is used to lookup the current
// snapshot, this function does not save the newly generated timestamp.
func CreateTimestamp(gun string, prev *data.SignedTimestamp, snapshot []byte, store storage.MetaStore, cryptoService signed.CryptoService) (*data.Signed, int, error) {
algorithm, public, err := store.GetTimestampKey(gun)
if err != nil {
// owner of gun must have generated a timestamp key otherwise
// we won't proceed with generating everything.
return nil, 0, err
}
key := data.NewPublicKey(algorithm, public)
sn := &data.Signed{}
err = json.Unmarshal(snapshot, sn)
if err != nil {
// couldn't parse snapshot
return nil, 0, err
}
ts, err := data.NewTimestamp(sn)
if err != nil {
return nil, 0, err
}
if prev != nil {
ts.Signed.Version = prev.Signed.Version + 1
}
sgndTs, err := cjson.Marshal(ts.Signed)
if err != nil {
return nil, 0, err
}
out := &data.Signed{
Signatures: ts.Signatures,
Signed: sgndTs,
}
err = signed.Sign(cryptoService, out, key)
if err != nil {
return nil, 0, err
}
return out, ts.Signed.Version, nil
}示例2: GetOrCreateSnapshotKey
// GetOrCreateSnapshotKey either creates a new snapshot key, or returns
// the existing one. Only the PublicKey is returned. The private part
// is held by the CryptoService.
func GetOrCreateSnapshotKey(gun string, store storage.MetaStore, crypto signed.CryptoService, createAlgorithm string) (data.PublicKey, error) {
_, rootJSON, err := store.GetCurrent(gun, data.CanonicalRootRole)
if err != nil {
// If the error indicates we couldn't find the root, create a new key
if _, ok := err.(storage.ErrNotFound); !ok {
logrus.Errorf("Error when retrieving root role for GUN %s: %v", gun, err)
return nil, err
}
return crypto.Create(data.CanonicalSnapshotRole, gun, createAlgorithm)
}
// If we have a current root, parse out the public key for the snapshot role, and return it
repoSignedRoot := new(data.SignedRoot)
if err := json.Unmarshal(rootJSON, repoSignedRoot); err != nil {
logrus.Errorf("Failed to unmarshal existing root for GUN %s to retrieve snapshot key ID", gun)
return nil, err
}
snapshotRole, err := repoSignedRoot.BuildBaseRole(data.CanonicalSnapshotRole)
if err != nil {
logrus.Errorf("Failed to extract snapshot role from root for GUN %s", gun)
return nil, err
}
// We currently only support single keys for snapshot and timestamp, so we can return the first and only key in the map if the signer has it
for keyID := range snapshotRole.Keys {
if pubKey := crypto.GetKey(keyID); pubKey != nil {
return pubKey, nil
}
}
logrus.Debugf("Failed to find any snapshot keys in cryptosigner from root for GUN %s, generating new key", gun)
return crypto.Create(data.CanonicalSnapshotRole, gun, createAlgorithm)
}示例3: GetOrCreateTimestamp
// GetOrCreateTimestamp returns the current timestamp for the gun. This may mean
// a new timestamp is generated either because none exists, or because the current
// one has expired. Once generated, the timestamp is saved in the store.
// Additionally, if we had to generate a new snapshot for this timestamp,
// it is also saved in the store
func GetOrCreateTimestamp(gun string, store storage.MetaStore, cryptoService signed.CryptoService) (
*time.Time, []byte, error) {
updates := []storage.MetaUpdate{}
lastModified, timestampJSON, err := store.GetCurrent(gun, data.CanonicalTimestampRole)
if err != nil {
logrus.Debug("error retrieving timestamp: ", err.Error())
return nil, nil, err
}
prev := &data.SignedTimestamp{}
if err := json.Unmarshal(timestampJSON, prev); err != nil {
logrus.Error("Failed to unmarshal existing timestamp")
return nil, nil, err
}
snapChecksums, err := prev.GetSnapshot()
if err != nil || snapChecksums == nil {
return nil, nil, err
}
snapshotSha256Bytes, ok := snapChecksums.Hashes[notary.SHA256]
if !ok {
return nil, nil, data.ErrMissingMeta{Role: data.CanonicalSnapshotRole}
}
snapshotSha256Hex := hex.EncodeToString(snapshotSha256Bytes[:])
snapshotTime, snapshot, err := snapshot.GetOrCreateSnapshot(gun, snapshotSha256Hex, store, cryptoService)
if err != nil {
logrus.Debug("Previous timestamp, but no valid snapshot for GUN ", gun)
return nil, nil, err
}
snapshotRole := &data.SignedSnapshot{}
if err := json.Unmarshal(snapshot, snapshotRole); err != nil {
logrus.Error("Failed to unmarshal retrieved snapshot")
return nil, nil, err
}
// If the snapshot was generated, we should write it with the timestamp
if snapshotTime == nil {
updates = append(updates, storage.MetaUpdate{Role: data.CanonicalSnapshotRole, Version: snapshotRole.Signed.Version, Data: snapshot})
}
if !timestampExpired(prev) && !snapshotExpired(prev, snapshot) {
return lastModified, timestampJSON, nil
}
tsUpdate, err := createTimestamp(gun, prev, snapshot, store, cryptoService)
if err != nil {
logrus.Error("Failed to create a new timestamp")
return nil, nil, err
}
updates = append(updates, *tsUpdate)
c := time.Now()
// Write the timestamp, and potentially snapshot
if err = store.UpdateMany(gun, updates); err != nil {
return nil, nil, err
}
return &c, tsUpdate.Data, nil
}示例4: generateSnapshot
// generateSnapshot generates a new snapshot from the previous one in the store - this assumes all
// the other roles except timestamp have already been set on the repo, and will set the generated
// snapshot on the repo as well
func generateSnapshot(gun string, builder tuf.RepoBuilder, store storage.MetaStore) (*storage.MetaUpdate, error) {
var prev *data.SignedSnapshot
_, currentJSON, err := store.GetCurrent(gun, data.CanonicalSnapshotRole)
if err == nil {
prev = new(data.SignedSnapshot)
if err = json.Unmarshal(currentJSON, prev); err != nil {
logrus.Error("Failed to unmarshal existing snapshot for GUN ", gun)
return nil, err
}
}
if _, ok := err.(storage.ErrNotFound); !ok && err != nil {
return nil, err
}
meta, ver, err := builder.GenerateSnapshot(prev)
switch err.(type) {
case nil:
return &storage.MetaUpdate{
Role: data.CanonicalSnapshotRole,
Version: ver,
Data: meta,
}, nil
case signed.ErrInsufficientSignatures, signed.ErrNoKeys, signed.ErrRoleThreshold:
// If we cannot sign the snapshot, then we don't have keys for the snapshot,
// and the client should have submitted a snapshot
return nil, validation.ErrBadHierarchy{
Missing: data.CanonicalSnapshotRole,
Msg: "no snapshot was included in update and server does not hold current snapshot key for repository"}
default:
return nil, validation.ErrValidation{Msg: err.Error()}
}
}示例5: createTimestamp
// CreateTimestamp creates a new timestamp. If a prev timestamp is provided, it
// is assumed this is the immediately previous one, and the new one will have a
// version number one higher than prev. The store is used to lookup the current
// snapshot, this function does not save the newly generated timestamp.
func createTimestamp(gun string, prev *data.SignedTimestamp, snapshot []byte, store storage.MetaStore,
cryptoService signed.CryptoService) (*storage.MetaUpdate, error) {
builder := tuf.NewRepoBuilder(gun, cryptoService, trustpinning.TrustPinConfig{})
// load the current root to ensure we use the correct timestamp key.
_, root, err := store.GetCurrent(gun, data.CanonicalRootRole)
if err != nil {
logrus.Debug("Previous timestamp, but no root for GUN ", gun)
return nil, err
}
if err := builder.Load(data.CanonicalRootRole, root, 1, false); err != nil {
logrus.Debug("Could not load valid previous root for GUN ", gun)
return nil, err
}
// load snapshot so we can include it in timestamp
if err := builder.Load(data.CanonicalSnapshotRole, snapshot, 1, false); err != nil {
logrus.Debug("Could not load valid previous snapshot for GUN ", gun)
return nil, err
}
meta, ver, err := builder.GenerateTimestamp(prev)
if err != nil {
return nil, err
}
return &storage.MetaUpdate{
Role: data.CanonicalTimestampRole,
Version: ver,
Data: meta,
}, nil
}示例6: getRole
func getRole(ctx context.Context, store storage.MetaStore, gun, role, checksum string) (*time.Time, []byte, error) {
var (
lastModified *time.Time
out []byte
err error
)
if checksum == "" {
// the timestamp and snapshot might be server signed so are
// handled specially
switch role {
case data.CanonicalTimestampRole, data.CanonicalSnapshotRole:
return getMaybeServerSigned(ctx, store, gun, role)
}
lastModified, out, err = store.GetCurrent(gun, role)
} else {
lastModified, out, err = store.GetChecksum(gun, role, checksum)
}
if err != nil {
if _, ok := err.(storage.ErrNotFound); ok {
return nil, nil, errors.ErrMetadataNotFound.WithDetail(err)
}
return nil, nil, errors.ErrUnknown.WithDetail(err)
}
if out == nil {
return nil, nil, errors.ErrMetadataNotFound.WithDetail(nil)
}
return lastModified, out, nil
}示例7: loadFromStore
func loadFromStore(gun, roleName string, builder tuf.RepoBuilder, store storage.MetaStore) error {
_, metaJSON, err := store.GetCurrent(gun, roleName)
if err != nil {
return err
}
if err := builder.Load(roleName, metaJSON, 1, true); err != nil {
return err
}
return nil
}示例8: loadTargetsFromStore
func loadTargetsFromStore(gun, role string, repo *tuf.Repo, store storage.MetaStore) error {
tgtJSON, err := store.GetCurrent(gun, role)
if err != nil {
return err
}
t := &data.SignedTargets{}
err = json.Unmarshal(tgtJSON, t)
if err != nil {
return err
}
return repo.SetTargets(role, t)
}示例9: copyTimestampKey
func copyTimestampKey(t *testing.T, fromRepo *tuf.Repo,
toStore storage.MetaStore, gun string) {
role, err := fromRepo.GetBaseRole(data.CanonicalTimestampRole)
assert.NoError(t, err)
assert.NotNil(t, role, "No timestamp role in the root file")
assert.Len(t, role.ListKeyIDs(), 1, fmt.Sprintf(
"Expected 1 timestamp key in timestamp role, got %d", len(role.ListKeyIDs())))
pubTimestampKey := role.ListKeys()[0]
err = toStore.SetKey(gun, data.CanonicalTimestampRole, pubTimestampKey.Algorithm(),
pubTimestampKey.Public())
assert.NoError(t, err)
}示例10: copyTimestampKey
func copyTimestampKey(t *testing.T, fromKeyDB *keys.KeyDB,
toStore storage.MetaStore, gun string) {
role := fromKeyDB.GetRole(data.CanonicalTimestampRole)
assert.NotNil(t, role, "No timestamp role in the KeyDB")
assert.Len(t, role.KeyIDs, 1, fmt.Sprintf(
"Expected 1 timestamp key in timestamp role, got %d", len(role.KeyIDs)))
pubTimestampKey := fromKeyDB.GetKey(role.KeyIDs[0])
assert.NotNil(t, pubTimestampKey,
"Timestamp key specified by KeyDB role not in KeysDB")
err := toStore.SetKey(gun, data.CanonicalTimestampRole, pubTimestampKey.Algorithm(),
pubTimestampKey.Public())
assert.NoError(t, err)
}示例11: changefeed
func changefeed(logger ctxu.Logger, store storage.MetaStore, imageName, changeID string, records int64) ([]byte, error) {
changes, err := store.GetChanges(changeID, int(records), imageName)
if err != nil {
logger.Errorf("%d GET could not retrieve records: %s", http.StatusInternalServerError, err.Error())
return nil, errors.ErrUnknown.WithDetail(err)
}
out, err := json.Marshal(&changefeedResponse{
NumberOfRecords: len(changes),
Records: changes,
})
if err != nil {
logger.Errorf("%d GET could not json.Marshal changefeedResponse", http.StatusInternalServerError)
return nil, errors.ErrUnknown.WithDetail(err)
}
return out, nil
}示例12: getMaybeServerSigned
// getMaybeServerSigned writes the current snapshot or timestamp (based on the
// role passed) to the provided writer or returns an error. In retrieving
// the timestamp and snapshot, based on the keys held by the server, a new one
// might be generated and signed due to expiry of the previous one or updates
// to other roles.
func getMaybeServerSigned(ctx context.Context, store storage.MetaStore, gun, role string) (*time.Time, []byte, error) {
cryptoServiceVal := ctx.Value(notary.CtxKeyCryptoSvc)
cryptoService, ok := cryptoServiceVal.(signed.CryptoService)
if !ok {
return nil, nil, errors.ErrNoCryptoService.WithDetail(nil)
}
var (
lastModified *time.Time
out []byte
err error
)
if role != data.CanonicalTimestampRole && role != data.CanonicalSnapshotRole {
return nil, nil, fmt.Errorf("role %s cannot be server signed", role)
}
lastModified, out, err = timestamp.GetOrCreateTimestamp(gun, store, cryptoService)
if err != nil {
switch err.(type) {
case *storage.ErrNoKey, storage.ErrNotFound:
return nil, nil, errors.ErrMetadataNotFound.WithDetail(err)
default:
return nil, nil, errors.ErrUnknown.WithDetail(err)
}
}
// If we wanted the snapshot, get it by checksum from the timestamp data
if role == data.CanonicalSnapshotRole {
ts := new(data.SignedTimestamp)
if err := json.Unmarshal(out, ts); err != nil {
return nil, nil, err
}
snapshotChecksums, err := ts.GetSnapshot()
if err != nil || snapshotChecksums == nil {
return nil, nil, fmt.Errorf("could not retrieve latest snapshot checksum")
}
if snapshotSHA256Bytes, ok := snapshotChecksums.Hashes[notary.SHA256]; ok {
snapshotSHA256Hex := hex.EncodeToString(snapshotSHA256Bytes[:])
return store.GetChecksum(gun, role, snapshotSHA256Hex)
}
return nil, nil, fmt.Errorf("could not retrieve sha256 snapshot checksum")
}
return lastModified, out, nil
}示例13: validateRoot
func validateRoot(gun string, oldRoot, newRoot []byte, store storage.MetaStore) (
*data.SignedRoot, error) {
var parsedOldRoot *data.SignedRoot
parsedNewRoot := &data.SignedRoot{}
if oldRoot != nil {
parsedOldRoot = &data.SignedRoot{}
err := json.Unmarshal(oldRoot, parsedOldRoot)
if err != nil {
// TODO(david): if we can't read the old root should we continue
// here to check new root self referential integrity?
// This would permit recovery of a repo with a corrupted
// root.
logrus.Warn("Old root could not be parsed.")
}
}
err := json.Unmarshal(newRoot, parsedNewRoot)
if err != nil {
return nil, err
}
// Don't update if a timestamp key doesn't exist.
algo, keyBytes, err := store.GetKey(gun, data.CanonicalTimestampRole)
if err != nil || algo == "" || keyBytes == nil {
return nil, fmt.Errorf("no timestamp key for %s", gun)
}
timestampKey := data.NewPublicKey(algo, keyBytes)
if err := checkRoot(parsedOldRoot, parsedNewRoot, timestampKey); err != nil {
// TODO(david): how strict do we want to be here about old signatures
// for rotations? Should the user have to provide a flag
// which gets transmitted to force a root update without
// correct old key signatures.
return nil, err
}
if !data.ValidTUFType(parsedNewRoot.Signed.Type, data.CanonicalRootRole) {
return nil, fmt.Errorf("root has wrong type")
}
return parsedNewRoot, nil
}示例14: GetOrCreateTimestamp
// GetOrCreateTimestamp returns the current timestamp for the gun. This may mean
// a new timestamp is generated either because none exists, or because the current
// one has expired. Once generated, the timestamp is saved in the store.
func GetOrCreateTimestamp(gun string, store storage.MetaStore, cryptoService signed.CryptoService) ([]byte, error) {
snapshot, err := snapshot.GetOrCreateSnapshot(gun, store, cryptoService)
if err != nil {
return nil, err
}
d, err := store.GetCurrent(gun, "timestamp")
if err != nil {
if _, ok := err.(storage.ErrNotFound); !ok {
logrus.Error("error retrieving timestamp: ", err.Error())
return nil, err
}
logrus.Debug("No timestamp found, will proceed to create first timestamp")
}
ts := &data.SignedTimestamp{}
if d != nil {
err := json.Unmarshal(d, ts)
if err != nil {
logrus.Error("Failed to unmarshal existing timestamp")
return nil, err
}
if !timestampExpired(ts) && !snapshotExpired(ts, snapshot) {
return d, nil
}
}
sgnd, version, err := CreateTimestamp(gun, ts, snapshot, store, cryptoService)
if err != nil {
logrus.Error("Failed to create a new timestamp")
return nil, err
}
out, err := json.Marshal(sgnd)
if err != nil {
logrus.Error("Failed to marshal new timestamp")
return nil, err
}
err = store.UpdateCurrent(gun, storage.MetaUpdate{Role: "timestamp", Version: version, Data: out})
if err != nil {
return nil, err
}
return out, nil
}示例15: GetOrCreateTimestampKey
// GetOrCreateTimestampKey returns the timestamp key for the gun. It uses the store to
// lookup an existing timestamp key and the crypto to generate a new one if none is
// found. It attempts to handle the race condition that may occur if 2 servers try to
// create the key at the same time by simply querying the store a second time if it
// receives a conflict when writing.
func GetOrCreateTimestampKey(gun string, store storage.MetaStore, crypto signed.CryptoService, fallBackAlgorithm data.KeyAlgorithm) (data.PublicKey, error) {
keyAlgorithm, public, err := store.GetTimestampKey(gun)
if err == nil {
return data.NewPublicKey(keyAlgorithm, public), nil
}
if _, ok := err.(*storage.ErrNoKey); ok {
key, err := crypto.Create("timestamp", fallBackAlgorithm)
if err != nil {
return nil, err
}
logrus.Debug("Creating new timestamp key for ", gun, ". With algo: ", key.Algorithm())
err = store.SetTimestampKey(gun, key.Algorithm(), key.Public())
if err == nil {
return key, nil
}
if _, ok := err.(*storage.ErrTimestampKeyExists); ok {
keyAlgorithm, public, err = store.GetTimestampKey(gun)
if err != nil {
return nil, err
}
return data.NewPublicKey(keyAlgorithm, public), nil
}
return nil, err
}
return nil, err
}